validate invalid/unsupported schemes (#311)
* validate invalid/unsupported schemes

* make apiserver env optional
tarunKoyalwar authored Jan 22, 2024
1 parent 2f9e8b5 commit 65b7a66
Showing 3 changed files with 25 additions and 2 deletions.
2 changes: 1 addition & 1 deletion auth/pdcp/creds.go
@@ -74,7 +74,7 @@ func (p *PDCPCredHandler) GetCreds() (*PDCPCredentials, error) {
// if not or incomplete credentials are found it return nil
func (p *PDCPCredHandler) getCredsFromEnv() *PDCPCredentials {
apiKey := env.GetEnvOrDefault(apiKeyEnv, "")
apiServer := env.GetEnvOrDefault(apiServerEnv, "")
apiServer := env.GetEnvOrDefault(apiServerEnv, DefaultApiServer)
if apiKey == "" || apiServer == "" {
return nil
}
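Review bot: With `DefaultApiServer` as the fallback, the `apiServer == ""` half of the guard on the next line looks reachable only if `env.GetEnvOrDefault` can return an empty string for a variable that is set but empty, which these lines do not show. The comment above getCredsFromEnv still says incomplete credentials yield nil; it could read `// getCredsFromEnv reads credentials from the environment; the API server falls back to DefaultApiServer when unset, and nil is returned when the API key is missing`. Since the API key is presumably sent to whatever host the server variable names, it may be worth rejecting non-HTTPS override values here if no later code does. The function body continues past the end of the hunk.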
5 changes: 4 additions & 1 deletion url/parsers.go
@@ -146,7 +146,10 @@ func absoluteURLParser(u *URL) (*URL, error) {
FTP + SchemeSeparator,
"//",
}
if stringsutil.HasPrefixAny(u.Original, allowedSchemes...) {
if strings.Contains(u.Original, SchemeSeparator) || strings.HasPrefix(u.Original, "//") {
if !strings.HasPrefix(u.Original, "//") && !stringsutil.HasPrefixAny(u.Original, allowedSchemes...) {
return nil, errorutil.NewWithTag("urlutil", "failed to parse url got invalid scheme input=%v", u.Original)
}
u.IsRelative = false
urlparse, parseErr := url.Parse(u.Original)
if parseErr != nil {
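Review bot: `strings.Contains(u.Original, SchemeSeparator)` matches the separator anywhere in the input, so a scheme-less value that only carries a URL in its path or query (constructed example: `example.com/?next=https://example.org`) now enters this branch and is rejected as an invalid scheme, where the old `HasPrefixAny` test let it fall through. Limiting the match to a separator that precedes any `/`, `?` or `#` keeps the new validation without that side effect, e.g. `if i := strings.Index(u.Original, SchemeSeparator); strings.HasPrefix(u.Original, "//") || (i >= 0 && !strings.ContainsAny(u.Original[:i], "/?#")) {`. The inner `!strings.HasPrefix(u.Original, "//")` appears redundant, because `"//"` is already an entry in allowedSchemes. The error text would be safer with `input=%q` instead of `input=%v`, since the value is caller-supplied and may contain control characters. absoluteURLParser begins and ends outside the hunk.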
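--- a/url/url_test.go
+++ b/url/url_test.go
@@ -204,3 +204,23 @@ func TestUnicodeEscapeWithUnsafe(t *testing.T) {
 require.Equal(t, v.expected, urlx.String())
 }
 }
+
+func TestInvalidScheme(t *testing.T) {
+testcases := []struct {
+input string
+expectedErr bool
+}{
+{"//:foo", true},
+{"://foo", true},
+}
+for _, v := range testcases {
+urlx, err := ParseAbsoluteURL(v.input, true)
+if v.expectedErr {
+require.NotNil(t, err)
+require.Nil(t, urlx)
+} else {
+require.Nil(t, err)
+require.NotNil(t, urlx)
+}
+}
+}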
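Review bot: Both table entries set `expectedErr` to true, so the `else` branch never runs and the test would still pass if ParseAbsoluteURL rejected every input. Adding one accepted input and one well-formed but unlisted scheme would pin both sides of the new check, for example `{"https://example.com", false},` and `{"foo://example.com", true},` (constructed samples; adjust to what allowedSchemes actually contains). A scheme-less input with `://` in its query string would also document the intended behaviour for that case. `require.Error` and `require.NoError` would give clearer failure output than `require.NotNil` and `require.Nil` on an error value.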
